
Content for  TS 33.246  Word version:  19.0.0


0  Introduction

The security of MBMS presents different challenges from the security of services delivered point-to-point. In addition to the normal threat of eavesdropping, it cannot be assumed that valid subscribers have any interest in maintaining the privacy and confidentiality of the communications; they may therefore conspire to circumvent the security solution (for example, one subscriber may publish the decryption keys, enabling non-subscribers to view broadcast content). Countering this threat requires the decryption keys to be updated frequently, in a manner that subscribers cannot predict, while making efficient use of the radio network. The stage 1 requirements for MBMS are specified in TS 22.146.

1  Scope

The present Technical Specification covers the security procedures of the Multimedia Broadcast/Multicast Service (MBMS) for 3GPP systems (UTRAN, GERAN and E-UTRAN). MBMS is a 3GPP system network bearer service over which many different applications can be carried. The actual method of protection may vary depending on the type of MBMS application.

2  References

The following documents contain provisions, which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]  TR 21.905: "Vocabulary for 3GPP Specifications".
[2]  TS 22.146: "Multimedia Broadcast/Multicast Service; Stage 1".
[3]  TS 23.246: "Multimedia Broadcast/Multicast Service (MBMS); Architecture and Functional Description".
[4]  TS 33.102: "3G Security; Security Architecture".
[5]  TS 22.246: "MBMS User Services".
[6]  TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture".
[7]  TS 31.102: "Characteristics of the USIM application".
[8]  RFC 2617: "HTTP Digest Authentication".
[9]  RFC 3830: "MIKEY: Multimedia Internet KEYing".
[10]  RFC 1982: "Serial Number Arithmetic".
[11]  RFC 3711: "Secure Real-time Transport Protocol".
[12]  TS 43.020: "Security related network functions".
[13]  TS 26.346: "Multimedia Broadcast/Multicast Service; Protocols and Codecs".
[14]  TS 33.210: "Network domain security; IP network layer security".
[15]  OMA-DRM-DCF-v2_0: "OMA DRM Content Format", www.openmobilealliance.org.
[16]  RFC 4563: "The Key ID Information Type for the General Extension Payload in Multimedia Internet KEYing (MIKEY)".
[17]
[18]  TS 24.109: "3rd Generation Partnership Project; Technical Specification Group Core Network; Bootstrapping interface (Ub) and network application function interface (Ua); Protocol details".
[19]  RFC 2616: "Hypertext Transfer Protocol -- HTTP/1.1".
[20]  TS 29.109: "3rd Generation Partnership Project; Technical Specification Group Core Network; Generic Authentication Architecture (GAA); Zh and Zn Interfaces based on the Diameter protocol; Stage 3".
[21]  RFC 3629: "UTF-8, a transformation format of ISO 10646".
[22]  RFC 4771: "Integrity Transform Carrying Roll-Over Counter for the Secure Real-time Transport Protocol (SRTP)".
[23]  TS 23.107: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Quality of Service (QoS) concept and architecture".
[24]  OMA DRM v2.0: Extensions for Broadcast Support, Candidate Version 1.0 - 29 May 2007 (OMA-TS-DRM_XBS-V1_0-20070529-C).
[25]  RFC 3376: "Internet Group Management Protocol, Version 3".
[26]  RFC 3810: "Multicast Listener Discovery Version 2 (MLDv2) for IPv6".
[27]  TS 25.434: "UTRAN Iub Interface Data Transport and Transport Signalling for Common Transport Channel Data Streams".
[28]  RFC 4303: "IP Encapsulating Security Payload (ESP)".
[29]  TS 26.237: "IP Multimedia Subsystem (IMS) based Packet Switch Streaming (PSS) and Multimedia Broadcast/Multicast Service (MBMS) User Service; Protocols".
[30]  TS 23.203: "Policy and charging control architecture".
[31]  TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
[32]  Void.
[33]  TS 23.468: "Group Communication System Enablers for LTE (GCSE_LTE); Stage 2".
[34]  TS 22.468: "Group Communication System Enablers for LTE (GCSE_LTE)".
[35]  RFC 3588: "Diameter Base Protocol".
[36]  RFC 6733: "Diameter Base Protocol".
[37]  TS 29.368: "Tsp interface protocol between the MTC Interworking Function (MTC-IWF) and Service Capability Server (SCS); Stage 3".
[38]  RFC 5246: "The Transport Layer Security (TLS) Protocol Version 1.2".
[39]  RFC 6347: "Datagram Transport Layer Security Version 1.2".
[40]  RFC 5996: "Internet Key Exchange Protocol Version 2 (IKEv2)".
[41]  TS 29.468: "Group Communication System Enablers for LTE (GCSE_LTE); MB2 Reference Point; Stage 3".
[42]  RFC 768: "User Datagram Protocol (UDP)".
[43]  RFC 3947 (2005): "Negotiation of NAT-Traversal in the IKE".
[44]  RFC 3948: "UDP Encapsulation of IPsec ESP Packets".
[45]  RFC 6347: "Datagram Transport Layer Security Version 1.2".
[46]  RFC 4303: "IP Encapsulating Security Payload (ESP)".
[47]  TS 23.179: "Functional architecture and information flows to support mission critical communication services; Stage 2".
[48]  TS 23.285: "Architecture enhancements for V2X services".
[49]  RFC 9110: "HTTP Semantics".

3  Definitions, abbreviations, symbols and conventions

3.1  Definitions

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply.
For the definitions of MBMS User Service refer to TS 22.246.
HDR: the general MIKEY HeaDeR.
IMPI: In the context of the present specification, the IMSI is used in the format of an IMPI as specified for GBA, cf. TS 33.220.
KEMAC: A payload included in the MIKEY message, which contains a set of encrypted sub-payloads and a MAC.
Key Group: A group of MSKs that are identified by the same Key Group part of the MSK ID. The Key Group part is used to group keys together in order to allow redundant MSKs to be deleted.
MBMS download session: See TS 26.346.
MBMS streaming session: See TS 26.346.
MRK: MBMS Request Key: This key is used to authenticate the UE to the BM-SC when performing key requests etc.
MSK: MBMS Service Key: The MBMS Service key that is securely transferred (using the key MUK) from the BM-SC towards the UE. The MSK is not used directly to protect the MBMS User Service data (see MTK).
MTK: MBMS Traffic Key: A key that is obtained by the UICC or ME by calling the decryption function MGV-F with the MSK. The key MTK is used to decrypt the received MBMS data on the ME.
MUK: MBMS User Key: The MBMS user individual key that is used by the BM-SC to protect the point-to-point transfer of MSKs to the UE.
Salt key: a random or pseudo-random string used to protect against some off-line pre-computation attacks on the underlying security protocol.
SEQl: Lower limit of the MTK ID sequence number interval: the last accepted MTK ID sequence number, stored within MGV-S. The original value of SEQl is delivered in the key validity data field of MSK messages.
SEQp: The MTK ID, which is received in a MIKEY packet.
SEQu: Upper limit of the MTK ID sequence number interval, which is delivered in the key validity data field of MSK messages.
(S)RTP Session: The (S)RTP and (S)RTCP traffic sent to a specific IP multicast address and port pair (one port each for (S)RTP and (S)RTCP) during the time period the session is specified to exist. An (S)RTP session is used to transport a single media type (e.g. audio, video, or text). An (S)RTP session may contain several different streams of (S)RTP packets using different SSRCs.

3.2  Abbreviations

For the purposes of the present document, the following abbreviations apply:
B-TID  Bootstrapping Transaction Identifier
BM-SC  Broadcast-Multicast Service Centre
BSF  Bootstrapping Server Function
DCF  DRM Content Format
DRM  Digital Rights Management
EXT  Extension payload
FDT  FLUTE File Delivery Table
FLUTE  File delivery over Unidirectional Transport
GBA  Generic Bootstrapping Architecture
GBA_ME  ME-based GBA
GBA_U  GBA with UICC-based enhancements
IDi  Identity of the initiator
IDr  Identity of the responder
Ks_ext_NAF  Derived key in GBA_U
Ks_int_NAF  Derived key in GBA_U, which remains on the UICC
Ks_NAF  Derived key in GBA_ME of 3G GBA or in 2G GBA
MAC  Message authentication code
MBMS  Multimedia Broadcast/Multicast Service
MGV-F  MBMS key Generation and Validation Function
MGV-S  MBMS key Generation and Validation Storage
MIKEY  Multimedia Internet Keying
MKI  Master Key Identifier
MRK  MBMS Request Key
MSK  MBMS Service Key
MTK  MBMS Traffic Key
MUK  MBMS User Key
NAF  Network Application Function
OMA  Open Mobile Alliance
ROC  Roll-Over Counter
SP  Security Policy
SRTCP  Secure RTCP
SRTP  Secure RTP

3.3  Symbols

For the purposes of the present document, the following symbols apply:
||  Concatenation

3.4  Conventions

All data variables in this specification are presented with the most significant substring on the left hand side and the least significant substring on the right hand side. A substring may be a bit, byte or other arbitrary length bitstring. Where a variable is broken down into a number of substrings, the leftmost (most significant) substring is numbered 0, the next most significant is numbered 1, and so on through to the least significant.
